Introduction

Bridging your network connection is a handy method for sharing your internet connection between two (or more) computers. It’s useful if you can’t buy a router with more than one ethernet port, or if you’re a college student in a dorm room with limited ethernet jacks and no router.

Basically, bridging is plugging one computer into another computer that already has a connection to a larger network (like the internet) and letting the bridged computer use the networked computer’s connection. To do so though, the networked computer needs to have two ethernet ports, one for the big network, and one for the bridged computer. Before starting, make sure that the computer you’re gonna bridge through has two ethernet ports, and that the hardware is capable of bridging ethernet connections (it probably should be).

Installing the software

The program you’re going to need is called brctl and is included in bridge-utils. Find it in Synaptic, or install it using this command:

# aptitude install bridge-utils

This program will allow us to set up and use the bridge interface. The bridge interface appears as a new interface in ip link, much like eth0 or eth1. It doesn’t physically exist on your computer; instead, it is a virtual interface that takes the frames arriving on one physical interface and transparently forwards them to the other.

Setting up your Bridge

Manual bridge setup

Note: All these commands are to be issued on the computer with the existing network connection. To set up the computer that’s going to be bridged, just set it up normally, as you would any other computer. You CAN use DHCP, or you can use a static address. It doesn’t matter.

The first step to creating the bridge network is actually creating the bridge interface. Issue this command to get the ball rolling and create the new interface.

# brctl addbr br0

The name br0 is totally up to you; this is just an example name that I’ve chosen for the wiki article. Anyway, now that you have your bridge device, you have to add the interfaces that are gonna be bridged. You can cross-check the names of your ethernet devices (eth0, eth1, etc. are common) with:

# ip addr show

Add both the interface with the second computer, and the interface that leads to the existing network. Do it with this command:

# brctl addif br0 eth0 eth1

This will add the two interfaces eth0 and eth1 to bridge br0. Simple enough. There’s no distinction in how you add the interfaces, or what order you do it in, and there are no special commands you have to add to distinguish them. So don’t worry about that.

Well, now we have our bridge, so bring all the interfaces up, and you’ll be set!
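The manual steps above collected into one script, as an added example that is not part of the original wiki page: valid_ifname and bridge_plan are hypothetical helper names, and br0, eth0 and eth1 are the page's example names. It checks the interface names first and prints the commands so they can be reviewed before being run as root with --apply.

```shell
#!/bin/sh
# Added example, not from the original page. Helper names are hypothetical.

# valid_ifname NAME: conservative check (stricter than the kernel's own rule):
# 1-15 characters from [A-Za-z0-9_.-], so a name can never carry shell syntax.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# bridge_plan BRIDGE PORT PORT...: print the setup commands, one per line.
# Everything is validated first, so a failed call prints nothing to stdout.
bridge_plan() {
    if [ "$#" -lt 3 ]; then
        echo "usage: bridge_plan BRIDGE PORT PORT..." >&2
        return 2
    fi
    br=$1
    for n in "$@"; do
        valid_ifname "$n" || { echo "bad interface name: $n" >&2; return 2; }
    done
    shift
    for p in "$@"; do
        [ "$p" != "$br" ] || { echo "port equals bridge: $p" >&2; return 2; }
    done
    echo "brctl addbr $br"               # create the virtual bridge interface
    for p in "$@"; do
        echo "brctl addif $br $p"        # the order of the ports does not matter
    done
    for p in "$@" "$br"; do
        echo "ip link set dev $p up"     # bring the ports and the bridge up
    done
}

# ./bridge.sh br0 eth0 eth1          -> print the plan only
# ./bridge.sh --apply br0 eth0 eth1  -> run it (needs root and bridge-utils)
if [ "${1:-}" = "--apply" ]; then
    shift
    plan=$(bridge_plan "$@") && printf '%s\n' "$plan" | sh -e
elif [ "$#" -gt 0 ]; then
    bridge_plan "$@"
fi
```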

Configuring bridging in /etc/network/interfaces

To make your bridge a little more permanent, you’re gonna need to edit /etc/network/interfaces. Using our example names, make it look like this and you’re set (if you want to use DHCP):

As can be seen, guest network interfaces vnet0, vnet1 and vnet2 are bound with the physical interface eth0 in the bridge br0. The virbr0 interface is only used for NAT connectivity with libvirt.

Bridging with a wireless NIC

Just like you can bridge two wired ethernet interfaces, you can bridge between an ethernet interface and a wireless interface. However, most Access Points (APs) will reject frames that have a source address that didn’t authenticate with the AP. Since Linux does ethernet bridging transparently (doesn’t modify outgoing or incoming frames), we have to set up some rules to do this with a program called ebtables.

ebtables Overview

ebtables is essentially like iptables, except it operates on the MAC sublayer of the data-link layer of the OSI model, instead of the network layer. In our case, this allows us to change the source MAC address of all of our frames. This is handy because we fool our AP into thinking that all of our forwarded frames come from the machine which authenticated to the AP.

bridge-utils Modifications

Before this will work, you need to modify your /etc/network/interfaces file, and add this line to your bridge stanza:

Obviously replacing $MAC_ADDRESS_OF_YOUR_WIRELESS_CARD with the actual MAC address of your wireless card, and $YOUR_ESSID as the ESSID of your wireless network. If you don’t know your MAC address, you can find it by typing

# ip link show wlan0

Where wlan0 is your wireless interface. Your MAC address is the value shown after link/ether in the output (the older ifconfig tool labels it HWaddr).

Setting up the rules

First, install ebtables:

# aptitude install ebtables

Now we can start setting up the rules. The syntax for ebtables is almost identical to that of iptables, so if you have experience with iptables, this will look pretty familiar to you.

The first rule we’re going to set up will change the source MAC address of all our incoming frames from the AP to the MAC address of our bridge.